{"id":13731,"date":"2026-01-07T10:07:02","date_gmt":"2026-01-07T04:37:02","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=13731"},"modified":"2026-01-07T10:07:04","modified_gmt":"2026-01-07T04:37:04","slug":"how-to-optimize-firewalld-on-linux-server","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/how-to-optimize-firewalld-on-linux-server","title":{"rendered":"How to Optimize FirewallD on Linux Server &#8211; Easy Guide"},"content":{"rendered":"\n<p><strong>To optimize FirewallD on a Linux server,<\/strong> align zones to network roles, prefer service definitions over raw ports, minimize rule count, use the nftables backend and IP sets for scale, enable logging wisely, and automate changes with permanent configs. Validate with firewall-cmd, monitor with journalctl, and benchmark rule impact before production.<\/p>\n\n\n\n<p>If you want to learn how to optimize FirewallD on Linux server environments for speed, security, and maintainability, this guide is for you. Drawing on 12+ years of server management, I\u2019ll show you practical steps, proven patterns, and commands that keep FirewallD fast and predictable on CentOS, RHEL, AlmaLinux, Rocky Linux, Fedora, or Ubuntu systems where FirewallD is installed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-firewalld-and-why-optimization-matters\"><strong>What is FirewallD and Why Optimization Matters<\/strong><\/h2>\n\n\n\n<p><strong>FirewallD is a dynamic firewall<\/strong> manager that applies rules without dropping connections. It manages zones, services, and policies, and typically uses nftables (modern) or iptables (legacy) as its backend. Optimizing it improves throughput, reduces CPU overhead on <a href=\"https:\/\/www.youstable.com\/blog\/reseller-web-hosting-business\/\">busy hosts<\/a>, and makes your security posture easier to audit and automate.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"quick-optimization-checklist\"><strong>Quick Optimization Checklist<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Confirm nftables backend is in use.<\/li>\n\n\n\n<li>Map interfaces to the correct zones (public, internal, dmz).<\/li>\n\n\n\n<li>Prefer services over raw ports; <a href=\"https:\/\/www.youstable.com\/blog\/create-a-custom-hosting-environment-with-a-dedicated-server\/\">create custom<\/a> services for apps.<\/li>\n\n\n\n<li>Use IP sets for bulk allow\/deny lists.<\/li>\n\n\n\n<li>Keep rules lean; avoid overlapping or duplicate entries.<\/li>\n\n\n\n<li>Separate runtime tests from permanent configuration and reload cleanly.<\/li>\n\n\n\n<li>Log smartly (drop\/reject), not excessively.<\/li>\n\n\n\n<li>Automate with Ansible and version control your configs.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-enable-and-verify-firewalld\"><strong>Install, Enable, and Verify FirewallD<\/strong><\/h2>\n\n\n\n<p>Most enterprise distros ship FirewallD by default. Ensure it\u2019s running and using nftables for best performance.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># RHEL\/CentOS\/AlmaLinux\/Rocky\nsudo dnf install -y firewalld\nsudo systemctl <a href=\"https:\/\/www.youstable.com\/blog\/se-firewalld-on-linux\/\">enable --now firewalld<\/a>\n\n# Ubuntu\/Debian (optional alternative to UFW)\nsudo apt update &amp;&amp; sudo apt install -y firewalld\nsudo systemctl enable --now firewalld\n\n# Verify status &amp; default zone\nsudo firewall-cmd --state\nsudo firewall-cmd --get-default-zone\n\n# Check backend (nftables is preferred)\nsudo firewall-cmd --info-backend\n\n# See active rules\nsudo firewall-cmd --list-all<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"design-with-zones-map-networks-to-intent\"><strong>Design with Zones: Map Networks to Intent<\/strong><\/h2>\n\n\n\n<p>Zones are the foundation of FirewallD. Assign interfaces and sources to zones based on trust level. This reduces the need for per-host custom rules and prevents accidental exposure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"map-interfaces-and-sources\"><strong>Map Interfaces and Sources<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># List zones\nsudo firewall-cmd --get-zones\n\n# View zone details\nsudo firewall-cmd --zone=public --list-all\n\n# Set default zone (restrictive is safer)\nsudo firewall-cmd --set-default-zone=public\n\n# Assign interface to a zone (runtime)\nsudo firewall-cmd --zone=internal --change-interface=eth1\n\n# Persist changes\nsudo firewall-cmd --permanent --zone=internal --change-interface=eth1\nsudo firewall-cmd --reload\n\n# Allow a source subnet in internal zone\nsudo firewall-cmd --permanent --zone=internal --add-source=10.10.0.0\/16\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"use-services-over-ports-create-custom-services\"><strong>Use Services Over Ports (Create Custom Services)<\/strong><\/h3>\n\n\n\n<p>Services group ports and protocols under a readable name and can include XML descriptions. This improves readability and reduces mistakes.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Add standard services to a zone\nsudo firewall-cmd --permanent --zone=public --add-service=http\nsudo firewall-cmd --permanent --zone=public --add-service=https\n\n# Custom service (e.g., app-dashboard on 8443\/tcp)\n# Create \/etc\/firewalld\/services\/app-dashboard.xml with:\n&lt;service&gt;\n  &lt;short&gt;app-dashboard&lt;\/short&gt;\n  &lt;description&gt;Internal dashboard on 8443\/tcp&lt;\/description&gt;\n  &lt;port protocol=\"tcp\" port=\"8443\"\/&gt;\n&lt;\/service&gt;\n\n# Load and use the custom service\nsudo firewall-cmd --reload\nsudo firewall-cmd --permanent --zone=internal --add-service=app-dashboard\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"performance-tuning-keep-it-fast-and-scalable\"><strong>Performance Tuning: Keep It Fast and Scalable<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"use-nftables-backend\"><strong>Use nftables Backend<\/strong><\/h3>\n\n\n\n<p>nftables is the modern backend that applies rules more efficiently than legacy iptables. If iptables is detected, consider upgrading the OS or ensuring nft is enabled by default on supported distros.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prefer-ip-sets-for-bulk-rules\"><strong>Prefer IP Sets for Bulk Rules<\/strong><\/h3>\n\n\n\n<p>When you need to <a href=\"https:\/\/www.youstable.com\/blog\/block-ip-address-by-country\/\">allow or block<\/a> many IPs or networks, IP sets are significantly faster than individual rich rules.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Create an ipset and add members\nsudo firewall-cmd --permanent --new-ipset=blocked --type=hash:ip\nsudo firewall-cmd --permanent --ipset=blocked --add-entry=203.0.113.10\nsudo firewall-cmd --permanent --ipset=blocked --add-entry=198.51.100.0\/24\n\n# Drop traffic from the ipset in public zone\nsudo firewall-cmd --permanent --zone=public \\\n  --add-rich-rule='rule source ipset=blocked drop'\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"reduce-rule-count-and-complexity\"><strong>Reduce Rule Count and Complexity<\/strong><\/h3>\n\n\n\n<p>Group ports into services, use subnets instead of many single IPs, and remove duplicate rules. Fewer rules mean faster evaluation and simpler audits.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"use-rich-rules-sparingly\"><strong>Use Rich Rules Sparingly<\/strong><\/h3>\n\n\n\n<p>Rich rules are flexible (rate limits, logging, matching) but heavier than simple service or port rules. Use them only when you need their advanced matching logic.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"connection-tracking-awareness\"><strong>Connection Tracking Awareness<\/strong><\/h3>\n\n\n\n<p>FirewallD relies on stateful filtering. Avoid unnecessary open inbound ports; allow established\/related traffic implicitly via the service model. For high-connection workloads (reverse proxies), offload TLS and keep rule sets minimal.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"hardening-visibility-and-logging\"><strong>Hardening, Visibility, and Logging<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"enable-smart-logging\"><strong>Enable Smart Logging<\/strong><\/h3>\n\n\n\n<p>Log only what you need. Excessive logging can hurt performance and fill disks.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Add a log + drop rule for suspicious SSH bursts\nsudo firewall-cmd --permanent --zone=public \\\n  --add-rich-rule='rule family=ipv4 service name=ssh log prefix=\"FW-SSH \" level=\"info\" limit value=\"5\/m\" drop'\nsudo firewall-cmd --reload\n\n# View logs\nsudo journalctl -xeu firewalld --no-pager\nsudo journalctl -k | grep FW-SSH<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"panic-and-lockdown-modes\"><strong>Panic and Lockdown Modes<\/strong><\/h3>\n\n\n\n<p>Panic mode drops all traffic in emergencies; lockdown mode restricts who can change FirewallD settings. Useful in incident response.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Panic mode\nsudo firewall-cmd --panic-on\nsudo firewall-cmd --panic-off\n\n# Lockdown mode\nsudo firewall-cmd --lockdown-on\nsudo firewall-cmd --lockdown-off<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"lightweight-ddos-friction\"><strong>Lightweight DDoS Friction<\/strong><\/h3>\n\n\n\n<p>FirewallD is not a full DDoS solution, but you can add friction: rate-limit new connections, drop obvious floods, and combine with Fail2Ban at the service layer.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Simple SYN rate limit on 80\/tcp via rich rule\nsudo firewall-cmd --permanent --zone=public \\\n  --add-rich-rule='rule family=ipv4 service name=http limit value=\"50\/s\" accept'\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"nat-masquerading-and-port-forwarding\"><strong>NAT, Masquerading, and Port Forwarding<\/strong><\/h2>\n\n\n\n<p>For routing and reverse proxy setups, FirewallD can manage NAT and forwarding policies cleanly within zones.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Enable masquerading (e.g., on an edge gateway)\nsudo firewall-cmd --permanent --zone=public --add-masquerade\n\n# Forward 80\/tcp on the gateway to a backend 10.0.0.10:8080\nsudo firewall-cmd --permanent --zone=public \\\n  --add-forward-port=port=80:proto=tcp:toaddr=10.0.0.10:toport=8080\n\n# Allow the backend service in the appropriate zone\nsudo firewall-cmd --permanent --zone=internal --add-port=8080\/tcp\n\n# Apply changes\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"runtime-vs-permanent-make-changes-safely\"><strong>Runtime vs Permanent: Make Changes Safely<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/www.youstable.com\/blog\/how-to-configure-firewalld-on-linux\/\">FirewallD maintains separate runtime and permanent configurations<\/a>. Test changes at runtime, then persist them to avoid surprises on reboot.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Test (runtime)\nsudo firewall-cmd --zone=public --add-service=http\n\n# Persist once verified\nsudo firewall-cmd --permanent --zone=public --add-service=http\nsudo firewall-cmd --reload\n\n# Validate configuration\nsudo firewall-cmd --check-config<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"backup-automation-and-ci-cd-for-firewalld\"><strong>Backup, Automation, and CI\/CD for FirewallD<\/strong><\/h2>\n\n\n\n<p>Treat your firewall like code. Back up XML files, review changes, and roll them out via automation for consistency across fleets.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"backup-and-version-control\"><strong>Backup and Version Control<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Backup all configs\nsudo tar czf \/root\/firewalld-backup.tgz \/etc\/firewalld\n\n# Restore on a new server\nsudo systemctl <a href=\"https:\/\/www.youstable.com\/blog\/how-to-stop-and-disable-firewalld\/\">stop firewalld<\/a>\nsudo tar xzf \/root\/firewalld-backup.tgz -C \/\nsudo systemctl start firewalld\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ansible-example\"><strong>Ansible Example<\/strong><\/h3>\n\n\n\n<p>Use Ansible\u2019s firewalld module for idempotent deployments. Example tasks:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>- name: Ensure firewalld is running\n  service:\n    name: firewalld\n    state: started\n    enabled: true\n\n- name: Set default zone\n  firewalld:\n    permanent: true\n    immediate: true\n    state: enabled\n    default_zone: public\n\n- name: Allow HTTP\/HTTPS\n  firewalld:\n    zone: public\n    service: \"{{ item }}\"\n    permanent: true\n    state: enabled\n    immediate: true\n  loop:\n    - http\n    - https<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"common-recipes-youll-actually-use\"><strong>Common Recipes You\u2019ll Actually Use<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"harden-ssh\"><strong>Harden SSH<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow SSH only from your office IP\nsudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=203.0.113.50\/32 service name=ssh accept'\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"allow-a-port-range-for-passive-ftp-or-voip\"><strong>Allow a Port Range for Passive FTP or VoIP<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo firewall-cmd --permanent --zone=public --add-port=30000-30100\/tcp\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"list-everything-for-audits\"><strong>List Everything for Audits<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo firewall-cmd --list-all-zones\nsudo firewall-cmd --get-active-zones\nsudo nft list ruleset | less   # Deep dive into generated nftables<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-and-diagnostics\"><strong>Troubleshooting and Diagnostics<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Rules not applying?<\/strong> Ensure you used <code>--permanent<\/code> and ran <code>--reload<\/code>.<\/li>\n\n\n\n<li><strong>Connection blocked unexpectedly?<\/strong> Check the interface\u2019s zone mapping.<\/li>\n\n\n\n<li><strong>Performance issues?<\/strong> Count rules, consolidate services, prefer ipsets, and confirm the nft backend.<\/li>\n\n\n\n<li><strong>Conflicts with other tools?<\/strong> Disable overlapping managers (e.g., UFW) and avoid dual control.<\/li>\n\n\n\n<li><strong>Need visibility?<\/strong> Use <code>journalctl -xeu firewalld<\/code>, <code>ss -tulpn<\/code>, and <code>tcpdump<\/code> to verify flows.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs-optimize-firewalld-on-linux-server\"><strong>FAQ&#8217;s: Optimize FirewallD on Linux Server<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765870190806\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"1-is-firewalld-better-than-iptables-for-performance\">1. <strong>Is FirewallD better than iptables for performance?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>FirewallD is a manager; performance comes from the backend. With nftables as the backend, you typically get better scalability and simpler rules than legacy iptables. For most modern distros, nftables via FirewallD is the best mix of performance and maintainability.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765870197188\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"2-how-do-i-check-which-zone-is-applied-to-my-interface\">2. <strong>How do I check which zone is applied to my interface?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Run <code>firewall-cmd --get-active-zones<\/code> to see interfaces mapped to zones. To change an interface\u2019s zone permanently, use <code>firewall-cmd --permanent --zone=public --change-interface=eth0<\/code> followed by <code>firewall-cmd --reload<\/code>.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765870201689\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"3-whats-the-fastest-way-to-block-many-ips\">3. <strong>What\u2019s the fastest way to block many IPs?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use an IP set. Create it once and add entries to it, then reference the ipset in a single rich rule. This is far faster and cleaner than adding many individual drop rules.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765870210621\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"4-does-firewalld-affect-web-server-throughput\">4. <strong>Does FirewallD affect web server throughput?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>A well-optimized ruleset has negligible impact on web throughput. Problems usually arise from excessive, overlapping, or logging-heavy rules. Keep rule count low, prefer services, and log thoughtfully to preserve performance.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765870220238\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"5-how-do-i-safely-test-firewalld-changes-on-production\">5. <strong>How do I safely test FirewallD changes on production?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Apply changes at runtime first, confirm connectivity, then persist them with <code>--permanent<\/code> and reload. Keep a rescue console ready. For fleets, test in staging and automate deployments with Ansible for repeatability.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"conclusion\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/www.youstable.com\/blog\/optimize-redis-on-linux\/\">Optimizing FirewallD on a Linux server<\/a> is about clarity and control: map zones correctly, prefer services, use nftables and ipsets, keep rules lean, and automate. With these practices, you\u2019ll improve security and performance while making your firewall policy easier to run at any scale.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To optimize FirewallD on a Linux server, align zones to network roles, prefer service definitions over raw ports, minimize rule [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":17183,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-13731","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Optimize-FirewallD-on-Linux-Server.jpg","author_info":{"display_name":"Prahlad Prajapati","author_link":"https:\/\/www.youstable.com\/blog\/author\/prahladblog"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=13731"}],"version-history":[{"count":3,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13731\/revisions"}],"predecessor-version":[{"id":17185,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13731\/revisions\/17185"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/17183"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=13731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=13731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=13731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}